If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

How do I test vernability of a daemon

I have recently installed a Web Server on my PC. I want to test how much vernable it is. I want to learn how to search for its weaknesses and exploits. I am a complete newbie in this field so I atleast need to get started. Thank you.

Well I might as well ask, because if I don't someone else will. You are going to have to give us more info.
What OS is the WEB Server installed on?
What kind of WEB Server is it?
What, if any, patches have you applied to both the OS & the WEB Server.
Come on, throw us a bone here mate, we are good, but we don't read minds.

Ok I have used Abyss web server before ( a long time ago). There were vulnerabilities back then. Don't know now. Ok I will give you a link to a tool that I might get negged for. It is a tool that can be used for both evil and good. Hopefully you will use it for good. It is at http://www.eeye.com/html/Products/Retina/index.html It is called Retina there is a free download for trial purpose. Very good security software at www.eeye.com just be aware that it is pretty expensive to buy the software. Well it is expensive for my pockets at least. I have seen it being used on Techtv before and it works well. Good luck let us know if that fits your needs.

Re: How do I test vernability of a daemon

Originally posted here by niloy I have recently installed a Web Server on my PC. I want to test how much vernable it is. I want to learn how to search for its weaknesses and exploits. I am a complete newbie in this field so I atleast need to get started. Thank you.

I use a linux product called nessus. I find it very useful for checking the security of my work servers etc. if you want you can mail me the ip address and I will scan your server and email you the report it produces back.

I use a linux product called nessus. I find it very useful for checking the security of my work servers etc.

I will second this (along with almost everyone else here at AO). The only *bad* thing (which isn't necessarily bad) is that you have to run the nessus server on a *nix based machine. They have a front end for nessus on win32 machines, but that will do you no good unless you have the server to connect to. I'd be impressed if you could find a public nessus server to connect to.

If you have a spare machine, I'd suggest loading *nix on it so you can get the feel of the broad range of tools available for both win32 and *nix. It would be well worth it depending on how much you are trying to learn. The best part is that *most* of the tools you get for *nix are free. Most of the good tools for windows are shareware or commercial (though you can still find *some* freeware good tools for win32 that are decent). Just so you know what I mean by broad range... have a look at the "top 75 security tools "

Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.